Two-factor authentication is now available in RushFiles!
In order to help you get started with using 2FA, we've created a small FAQ about this topic here. This article is meant to give quick answers to your questions. Visit our 2FA articles for end-users, company administrators, and reseller administrators for additional details.
In this article:
Q: What is 2FA and why should I use it?
Q: How does the login process change when using 2FA?
Q: What authentication methods are available?
Q: Who can use 2FA?
Q: What is a primary account? Where can I see information about my primary account?
Q: Can Active Directory integrated users use 2FA?
Q: How can I start using 2FA?
Q: How do I log in after I've set up a 2FA method for my profile?
Q: As a user, what can I do if I lose my email address/device used for 2FA?
Q: As a company admin, what can I do if one of my users loses their device used for 2FA?
Q: When trying to temporarily disable 2FA for a user, I'm not given the option to do so. Why?
Q: I have enforced the use of 2FA on my company account, however not all users are forced to use it. Why?
Q: As a reseller admin, what do I need to do to enable the option for 2FA for my customers?
Q: As a reseller admin, what can I do if one of my customers has completely locked themselves out of their account?
Q: As a reseller admin, can I force my customers to use 2FA?
Q: Can I use 2FA as a reseller admin user that has no associations to any company accounts?
1) General
Question: What is 2FA and why should I use it?
Answer: Two-factor (2FA) or multi-factor authentication (MFA) is an additional security layer for your business. This helps you address the vulnerabilities of a standard password-only approach, making accessing your hosted data even safer.
Question: How does the login process change when using 2FA?
Answer: Using the 2FA feature will add one more step in the login process for the user. In addition to providing the correct username and password, the user will be required to enter a One Time Password.
Question: What authentication methods are available?
Answer:
Email: With this method, every time the user logs in, they receive an email containing the authentication code. The email that will be sent out to users you host can be customized in the Mail Templates menu. We recommend that company and reseller admins do this before enabling 2FA for their users.
Authenticator application: Log in with an authenticator application. This method is also known as TOTP (Time-based One-Time Password). Using this method, the user can set up 2FA by scanning a QR code with a TOTP-based smartphone application, like Google Authenticator or Microsoft Authenticator. The application then continuously generates authentication codes, which the user enters to authenticate themselves.
Question: Who can use 2FA?
Answer: Users that are associated with a company account can take advantage of 2FA to secure their logins, provided that the company administrator of their primary company account has enabled the option. Currently, reseller admin users that do not belong to a company cannot use 2FA.
Question: What is a primary account? Where can I see information about my primary company account?
Answer: A user's primary company account is typically the first one they were created on. Each user can see the name of their primary account in the Profile menu of the web client. The administrator of that account has to enable 2FA on it before you can use it.
Question: Can Active Directory integrated users use 2FA?
Answer: Yes, AD-integrated users can set up and use 2FA on their user profiles in exactly the same way as non-AD-integrated users.
2) End-users
Question: How can I start using 2FA?
Answer: You'll need to log in to the Web Client, go to the Profile page, and click on Edit two-factor authentication settings. After typing in your password again, you'll be able to select a 2FA method and set it up by following the on-screen instructions. See the whole process here.
Question: How do I log in after I've set up a 2FA method for my profile?
Answer: After providing your email address and password, you need to input your authentication code. Depending on what method you chose, the code will either arrive as an email when you try to log in, or you need to use the code that's shown in your authenticator app.
Question: As a user, what can I do if I lose the device I'm using for 2FA?
Answer: If you have your recovery codes saved and available to you, use one of them to log in a single time and change your 2FA settings. If you don't have access to your recovery codes either, ask your company administrator to temporarily disable 2FA for you.
3) Company administrators
Question: As a company admin, what can I do if one of my users loses the email address/device used for 2FA?
Answer: If the user does not have their recovery codes saved either, you can temporarily disable 2FA for them, provided that they are primary users of your company. After doing so, they will be able to log in without an authentication code a single time. In case you are enforcing 2FA on the account, they will be prompted to set up 2FA during login instead.
Question: When trying to temporarily disable 2FA for a user, I'm not given the option to do so. Why?
Answer: This is most likely due to the user having a different primary company account. You can't disable 2FA for a user that's a primary user of a different account.
Question: I have enforced the use of 2FA on my company account, however not all users are forced to use it. Why?
Answer: These users most likely have a different company account as their primary account and are therefore unaffected by your settings.
4) Reseller administrators
Question: As a reseller admin, what do I need to do to enable the option for 2FA for my customers?
Answer: Log in to the reseller control panel, and find the "Enable two-factor authentication" toggle on the My Account page. Scroll up to the top of the page and click Save. Now, all your customers have the option to enable and use 2FA.
Question: As a reseller admin, what can I do if one of my customers has completely locked themselves out of their account (no recovery codes, no company admins that are able to log in with 2FA)?
Answer: You can disable 2FA for the account until the admins regain access and reconfigure their 2FA settings. To do so, log in to the reseller control panel, navigate to the company account in the Companies menu, and disable the "Enable two-factor authentication" option there. Scroll up to the top of the page and hit Save. The company admin will now be able to log in without 2FA.
Question: As a reseller admin, can I force my customers to use 2FA?
Answer: You can't force company accounts to use 2FA. This option is only available to company administrators. You can, however, enable or disable 2FA on a given company account.
Question: Can I use 2FA as a reseller admin user that has no associations to any company accounts?
Answer: Starting from web client version 2.5.0, reseller admins can use 2FA without a company association by clicking the Profile button in the reseller admin panel. On web client versions below 2.5.0, you need to be associated with an active company account to use 2FA as a reseller admin.